v0.14.0 Spoiled Sloth
Look at that! This sloth is spoiled rotten! 🦥 👀
Here's GoToSocial version 0.14.0 Spoiled Sloth!
Release highlights
- Account aliasing. You can now set the
alsoKnownAs
field on your account via the settings panel, to indicate other accounts you own. This doesn't do much now, but it's the first step towards the Move implementation for account migration coming in v0.15.0. We originally wanted to include Move in this release but it needs more testing so we pushed it back. Hang in there :) - Much better thread sorting. Conversation threads on both the web view and client API use a new sorting mechanism which makes them way more readable. No longer will replies in a thread be scattered all over the place.
- Better HTTP signature support. We fixed a longstanding issue with including vs not including query parameters in signed GET requests. We now try (and accept) both methods of constructing signatures. Which leads to...
- Improved thread fetching. You'll see far fewer "orphaned" statuses in your timeline now, and you'll see more replies on statuses from other instances.
- Syntax highlighting for code blocks on the web UI. When you include a code block in your markdown now, and correctly indicate the language the code is written in, it will be syntax highlighted when rendered on your profile in the web UI. This requires javascript, but it's a progressive enhancement feature. Visitors to your profile with javascript turned off will just see the code block without syntax highlighting :)
- Improved "about this instance" page, with a link to the page in the nav bar. Previously the "about this instance" page was more or less hidden. We've now surfaced it better, so you can write all your terms and conditions and instance description stuff there. Relatedly....
- Parse instance descriptions and terms and conditions as markdown. Previously it was very difficult to properly edit these fields, because you had to read + write HTML to do so. Now they're parsed as markdown. This means you can more easily include things like blockquotes, lists, etc.
- Big refactor of HTML templates + CSS. We did a serious rework of HTML templates to fix indentation. Previously if you did "view source" on a GoToSocial profile page, you'd see a mess of sloppily-indented HTML. With this refactor, the HTML is now nicely indented and much more readable. We also did an accessibility pass and tested our HTML with various screen readers to try to make the web view a bit less annoying to navigate.
- First pass at a basic spam filtering system. In light of spam waves happening on the fediverse recently we took a crack at implementing a filter to drop messages identified as spam. This is still in the experimental stage, but it's included in this release so you can try it out already. See the docs for details.
Migration notes
Upgrading
To upgrade to 0.14.0 from a previous release:
Binary/tar
- Stop GoToSocial
- Untar the new release, including the web assets and html templates.
- Edit your config.yaml file as necessary (see below).
- Start GoToSocial
Docker
- Stop GoToSocial.
- Pull the new docker container (
superseriousbusiness/gotosocial:0.14.0
orsuperseriousbusiness/gotosocial:latest
) - Start GoToSocial.
config.yaml
The configuration file has changed since the previous release. You can see a diff of the config file here: v0.13.0...v0.14.0#diff-c071e03510b2c57e193a44503fd9528a785f0f411497cc75841a9f8d0b1ac622
Database Migrations
Instance description, short description, and terms
Because we changed the way instance description, short description, and terms are parsed and stored, you will need to re-enter these in the admin settings panel. After you've updated to this version, you can just copy-paste your existing descriptions and ToC from the index and about web pages of your instance, and paste them in to the appropriate fields in the settings panel.
(Custom) CSS and HTML
The big refactor of CSS and HTML means that custom CSS from 0.13.x versions of GoToSocial will likely not work as expected on versions >= 0.14.0. The HTML structure changed a bunch, and some of the class names and whatnot have changed as well. Sorry about that! But it needed to be done. For an example of custom css using the new class names and HTML structure, see the following:
/* Theme colors */
:root {
--acid-green: rgb(63, 255, 0);
--magenta: rgb(153, 50, 204);
/* Override */
--orange2: var(--acid-green);
}
html, body {
/* Funky scroll bar */
scrollbar-color: var(--acid-green) var(--gray1);
}
/* Instance display name */
.page-header {
grid-column: 2;
align-self: start;
margin: 1rem 0 1rem 0;
background-color: var(--gray1);
border: 0.25rem solid var(--magenta);
border-radius: var(--br);
}
/* Header card */
.profile .profile-header {
background-color: var(--gray1);
border: 0.25rem solid var(--magenta);
}
/* About + Pinned posts headers */
.profile .col-header {
background: var(--gray1);
border: 0.25rem solid var(--magenta);
}
.profile .about-user .col-header {
border-bottom: none;
margin-bottom: 0;
}
/* Change about sections */
.profile .about-user .fields, .profile .about-user .bio, .profile .about-user .accountstats {
background: var(--gray1);
border-left: 0.25rem solid var(--magenta);
border-right: 0.25rem solid var(--magenta);
}
/* Fiddle around with borders on about sections */
.profile .about-user .fields .field:first-child {
border-top: 0.25rem dashed var(--magenta);
}
.profile .about-user .fields .field {
border-bottom: 0.25rem dashed var(--magenta);
}
.profile .about-user .accountstats {
border-top: 0.25rem dashed var(--magenta);
border-bottom: 0.25rem solid var(--magenta);
}
/* Statuses + threads */
/* Thread column header */
.thread .col-header {
background: var(--gray1);
border: 0.25rem solid var(--magenta);
}
/* Main status body */
.status, .status.expanded {
background: var(--gray1);
border: 0.25rem solid var(--magenta);
}
/* Code snippets */
.status .text .content pre, .status .text .content code {
background: black;
color: var(--white2);
}
/* Block quotes */
.status .text .content blockquote {
background-color: black;
}
/* Media wrapper for attachments */
.status .media .media-wrapper {
background: var(--bg-nearly-opaque);
}
.status .media .media-wrapper details .unknown-attachment .placeholder {
border: 0.2rem dashed var(--magenta);
}
/* Polls */
.status .text .poll {
background-color: black;
border: 0.25rem solid var(--magenta);
}
.status .text .poll .poll-info {
background-color: black;
}
/* Status info bars */
.status .status-info, .status.expanded .status-info {
background: black;
}
/* Back + next links */
.backnextlinks {
background: var(--gray1);
padding: 0.5rem;
border: 0.25rem solid var(--magenta);
border-radius: var(--br);
}
.page-footer {
margin-top: 2rem;
background-color: var(--gray1);
border-top: 0.25rem solid var(--magenta);
}
Detailed changelog
Changelog for 0.13.0 vs 0.14.0. Some changes mentioned below may have already been included in 0.13.x releases.
Features / Performance
- [performance] simpler throttling logic by @NyaaaWhatsUpDoc in #2407
- [feature] Run ANALYZE after migrations on SQLite by @daenney in #2428
- [feature] Push status edit messages into open streams by @Sentynel in #2418
- [feature] request blocking by http headers by @NyaaaWhatsUpDoc in #2409
- [feature] Parse instance descriptors as markdown, show T&C on /about by @tsmethurst in #2481
- [feature] Allow webp emoji uploads / derefs by @tsmethurst in #2484
- [feature] Log pubKeyID for incoming http-signed requests by @tsmethurst in #2501
- [feature] Account alias / move API + db models by @tsmethurst in #2518
- [feature] Move + alias account via settings panel by @tsmethurst in #2519
- [performance] overhaul struct (+ result) caching library for simplicity, performance and multiple-result lookups by @NyaaaWhatsUpDoc in #2535
- [feature] Allow "charset=utf8" in incoming AP POST requests by @tsmethurst in #2564
- [feature] Ratelimit + serve emoji images on separate router group by @tsmethurst in #2548
- [performance] cache library performance enhancements (updates go-structr => v0.2.0) by @NyaaaWhatsUpDoc in #2575
- Improve context descendant sorting by @VyrCossont in #2579
- [feature] Try HTTP signature validation with and without query params for incoming requests by @tsmethurst in #2591
- [feature] serdes for moved/also_known_as by @tsmethurst in #2600
- [feature/performance] sqlite pragma optimize on close by @NyaaaWhatsUpDoc in #2596
- [performance] temporarily cache account status counts to reduce no. account counts by @NyaaaWhatsUpDoc in #2620
- [feature] Add metrics for instance user count, statuses count and federating instances count by @Tsuribori in #2592
- feat: add Mastodon-compatible HTTP signature fallback by @milas in #2659
- [feature] Add
requested_by
to relationship model by @tsmethurst in #2672 - [feature] Add "what is this" section to index template by @tsmethurst in #2680
- [feature] Add experimental
instance-federation-spam-filter
option by @tsmethurst in #2685 - [feature] Block Amazonbot by @daenney in #2692
- [feature/oidc] Add support for very basic RBAC by @9p4 in #2642
- [feature] add script to test import / export cycle of a gotosocial instance by @NyaaaWhatsUpDoc in #2693
Bugfixes
- [bugfix] fix poll total vote double count by @Sentynel in #2464
- [bugfix] 😇 by @NyaaaWhatsUpDoc in #2476
- [bugfix] increases sleep time before check in throttle test, to give more leeway by @NyaaaWhatsUpDoc in #2482
- [bugfix] fix check for closed poll to account for non-zero closed time by @NyaaaWhatsUpDoc in #2486
- [bugfix] Outdent placeholder from
<aside>
when returning unknown media attachments by @tsmethurst in #2485 - [bugfix] misc dereferencer fixes by @NyaaaWhatsUpDoc in #2475
- [bugfix] fix higher-level explicit domain rules causing issues with lower-level domain blocking by @NyaaaWhatsUpDoc in #2513
- [bugfix] Replace named unique constraint on header filter header with generic unique directive by @tsmethurst in #2525
- [bugfix] Better Postgres search case insensitivity by @tsmethurst in #2526
- [bugfix] Ensure domain block side effects skipped if allow in place (blocklist mode) by @tsmethurst in #2542
- [bugfix] Prevent URL + URI for same account being used as alias target by @tsmethurst in #2545
- [bugfix] Downgrade OTEL libraries to 1.20 by @daenney in #2546
- [bugfix/frontend] Break word on profile field names and values by @tsmethurst in #2551
- [bugfix] fix array type for also_known_as_uris by @tsmethurst in #2553
- [bugfix] Don't return Internal Server Error when searching for URIs that don't return AP JSON by @tsmethurst in #2550
- [bugfix] Don't return Account or Status if new and dereferencing failed, other small fixes by @tsmethurst in #2563
- Fix EmptyJSONObject/EmptyJSONArray by @VyrCossont in #2576
- [bugfix] Fix Postgres emoji delete, emoji category change by @tsmethurst in #2570
- [bugfix] update go-structr v0.2.0 => v0.3.0 to fix possible hash collision issues by @NyaaaWhatsUpDoc in #2586
- [bugfix] parent status replied to status not dereferenced sometimes by @NyaaaWhatsUpDoc in #2587
- [bugfix] fix possible infinite loops in media / emoji cleanup by @NyaaaWhatsUpDoc in #2590
- [bugfix] stop paged endpoints returning null for empty items by @NyaaaWhatsUpDoc in #2597
- [bugfix] Ensure activities sender always = activities actor by @tsmethurst in #2608
- [bugfix] fix postgres connection wrapping panic by @NyaaaWhatsUpDoc in #2636
- [bugfix] add stricter checks during all stages of dereferencing remote AS objects by @NyaaaWhatsUpDoc in #2639
- [bugfix] Fix dereferencing ancestors on new status create by @tsmethurst in #2652
- [bugfix] Refactor parse mention, fix local mention bug by @tsmethurst in #2657
- [bugfix] Ensure local statuses always get a threadID so they can be muted by @tsmethurst in #2665
- [bugfix] Use ptr for instance stats entries to avoid skipping 0 values by @tsmethurst in #2666
- [bugfix] use start + end line in regex when validating emoji via API by @tsmethurst in #2671
- [bugfix] fix possible mutex lockup during streaming code by @NyaaaWhatsUpDoc in #2633
- [bugfix] Fix wide images being squished when used as instance avatar by @tsmethurst in #2669
- [bugfix] 2643 bug search for account url doesnt always work when redirected by @NyaaaWhatsUpDoc in #2673
- [bugfix] Allow access to TMP directories in example AppArmor config by @tux93 in #2683
- [bugfix] Account timeline: exclude self-replies that mention other accounts by @VyrCossont in #2670
- [bugfix] check remote status permissibility (#2703)
- f487fc5 [bugfix] Sanitize incoming PropertyValue fields (#2722)
- 66d9297 [bugfix/tracing] fix broken tracing due to conflicting schema url (#2712)
- ea0efb8 [bugfix] update postgresqlstmt to correctly use postgres err hook (#2711)
- fcecd0c [bugfix] unwrap boosts when checking in-reply-to status (#2702)
Chores / version bumps
- [chore] Refactor HTML templates and CSS by @tsmethurst in #2480
- [chore]: Bump modernc.org/sqlite from 1.27.0 to 1.28.0 by @dependabot in #2470
- [chore]: Bump golang.org/x/crypto from 0.16.0 to 0.17.0 by @dependabot in #2478
- [chore]: Bump github.com/google/uuid from 1.4.0 to 1.5.0 by @dependabot in #2469
- [chore]: Bump github.com/jackc/pgx/v5 from 5.5.0 to 5.5.1 by @dependabot in #2468
- [chore]: Bump github.com/minio/minio-go/v7 from 7.0.65 to 7.0.66 by @dependabot in #2467
- [chore]: Bump github.com/tdewolff/minify/v2 from 2.20.9 to 2.20.12 by @dependabot in #2509
- [chore]: Bump golang.org/x/image from 0.14.0 to 0.15.0 by @dependabot in #2506
- [chore]: Bump github.com/prometheus/client_golang from 1.17.0 to 1.18.0 by @dependabot in #2507
- Bump follow-redirects from 1.15.3 to 1.15.4 in /web/source by @dependabot in #2512
- [chore/docs] Replace specific year range of copyright notice by @tsmethurst in #2520
- [chore]: Bump golang.org/x/net from 0.19.0 to 0.20.0 by @dependabot in #2533
- [chore]: Bump github.com/jackc/pgx/v5 from 5.5.1 to 5.5.2 by @dependabot in #2532
- [chore]: Bump github.com/tdewolff/minify/v2 from 2.20.12 to 2.20.14 by @dependabot in #2530
- [chore] update bun + extras v1.1.16 -> v1.1.17 by @tsmethurst in #2534
- [chore]: Bump golang.org/x/oauth2 from 0.15.0 to 0.16.0 by @dependabot in #2531
- [chore] Move to codeberg's exif-terminator by @tsmethurst in #2536
- [chore] update viper version by @NyaaaWhatsUpDoc in #2539
- [chore] chore rationalise http return codes for activitypub handlers by @NyaaaWhatsUpDoc in #2540
- [chore] Harden up boolptr logic on Accounts, warn if not set by @tsmethurst in #2544
- [chore]: Bump github.com/KimMachineGun/automemlimit from 0.4.0 to 0.5.0 by @dependabot in #2560
- [chore]: Bump github.com/abema/go-mp4 from 1.1.1 to 1.2.0 by @dependabot in #2559
- [chore]: Bump codeberg.org/gruf/go-mutexes from 1.3.1 to 1.4.0 by @dependabot in #2562
- Update Feditext URL by @VyrCossont in #2568
- [chore] Add a couple tests for updating list entries by @tsmethurst in #2580
- [chore] bump activity dependency -> v1.6.0-gts by @tsmethurst in #2599
- [chore]: Bump github.com/yuin/goldmark from 1.6.0 to 1.7.0 by @dependabot in #2603
- [chore]: Bump github.com/google/uuid from 1.5.0 to 1.6.0 by @dependabot in #2604
- [chore]: Bump github.com/miekg/dns from 1.1.57 to 1.1.58 by @dependabot in #2606
- [chore] Move
DoOnce
func wrapper to util by @tsmethurst in #2613 - [chore] Allow (internal) callers to set their own freshness window for Accounts + Statuses by @tsmethurst in #2614
- [chore] Add AI check in PR template by @daenney in #2625
- [chore]: Bump golang.org/x/crypto from 0.18.0 to 0.19.0 by @dependabot in #2632
- [chore]: Bump golang.org/x/oauth2 from 0.16.0 to 0.17.0 by @dependabot in #2629
- [chore]: Bump github.com/tdewolff/minify/v2 from 2.20.14 to 2.20.16 by @dependabot in #2631
- Make GtS reported version SemVer-compatible by @VyrCossont in #2611
- [chore] also allow text/xml in place of application/xml by @NyaaaWhatsUpDoc in #2640
- [chore] Simplify the User-Agent string by @daenney in #2645
- [chore] refactor extractFromCtx a bit by @tsmethurst in #2646
- [chore] Disable Move API endpoints for now until Move is fully implemented in the backend by @tsmethurst in #2650
- [chore] Comment out silly, frequently-failing
GetStatusTwice
test by @tsmethurst in #2656 - [chore]: Bump github.com/tdewolff/minify/v2 from 2.20.16 to 2.20.17 by @dependabot in #2661
- [chore]: Bump github.com/minio/minio-go/v7 from 7.0.66 to 7.0.67 by @dependabot in #2662
- [chore]: Bump github.com/jackc/pgx/v5 from 5.5.2 to 5.5.3 by @dependabot in #2664
- [chore/frontend] Don't use italics for block quotes by @tsmethurst in #2667
- [chore/frontend] Use different background color for block quotes by @tsmethurst in #2668
- [chore] Rename frontend.tmpl to settings.tmpl, remove unused "lightgray" class by @tsmethurst in #2674
- [chore] Increase default max image description to 1500 chars, collapse cw char count into status by @tsmethurst in #2682
- [chore]: Bump github.com/tdewolff/minify/v2 from 2.20.17 to 2.20.18 by @dependabot in #2689
- [chore] add log line about lengthy reindex migration by @tsmethurst in #2695
- [chore]: Bump github.com/stretchr/testify from 1.8.4 to 1.9.0 (#2714)
- c7845c7 [chore]: Bump golang.org/x/crypto from 0.19.0 to 0.20.0 (#2716)
- adb4cdc [chore]: Bump modernc.org/sqlite from 1.28.0 to 1.29.2 (#2718)
- c2a691f [chore] Disable the syslog long message over Unix datagram socket test on macOS (#2700)
Docs
- [docs]: Update FAQ and ROADMAP by @OniriCorpe in #2458
- [docs] Describe how to block IPs using a firewall by @daenney in #2459
- [docs] Update roadmap for 2024 onwards by @tsmethurst in #2521
- [docs] Updates for DB, swap and HTTP/2 on nginx by @daenney in #2547
- [docs] Add a few things to the FAQ. by @mirabilos in #2557
- [docs] use latest cavage link for http signatures by @tsmethurst in #2565
- [docs] Correct wrong tracing transport option by @Tsuribori in #2566
- [docs] Fix log-timestamp-format by @daenney in #2572
- [docs] Add media attachments section to user docs by @tsmethurst in #2578
- [docs] Revamp storage migration by @daenney in #2571
- [docs] Mounting config file in container by @daenney in #2622
- [docs] Enable some new features by @daenney in #2623
- [docs] Fix a few things in the bare metal install by @daenney in #2624
- [docs] Inform new contributors to
git fetch
by @NoraCodes in #2637 - [docs] Add oauth token authentication workflow by @fyrfli in #2655
- [chore/docs] Various little docs updates by @tsmethurst in #2691
- 0b35257 [docs] Update HTTP signature docs a bit (#2721)
- 40ba936 [docs] Use human sizes for size limitations (#2706)
New Contributors
- @milas made their first contribution in #2659
- @fyrfli made their first contribution in #2655
- @tux93 made their first contribution in #2683
- @9p4 made their first contribution in #2642
Full Changelog: v0.13.0...v0.14.0